Crypto chat app Signal's disappearing messages found hiding on macOS

Mac Notification Center sometimes clones supposedly transient notes

Encrypted chat app Signal's disappearing messages may not actually vanish on Apple Macs, thanks to the way the encrypted messaging software interacts with the macOS Notification Center.

On Tuesday, security researcher Alec Muffettnoted: "If you are using the @signalapp desktop app for Mac, check your notifications bar; messages get copied there and they seem to persist – even if they are 'disappearing' messages which have been deleted/expunged from the app."

The issue was identified on macOS 10.13.4, the latest operating system release, using Signal 1.9.0, the app's latest macOS release. Signal for iOS does not appear to be affected.

Not all disappearing messages get stored, as Patrick Wardle, chief security researcher of R&D at Synack, explains in a post on his personal blog.

The macOS Notification Center shows notifications sent by installed apps. Apple offers developers several types of notifications. The default "banner" style shows the message sent by the app and disappears after a few seconds.

iOS 11.4 forensics

Apple's forthcoming iOS 11.4 release will disable the Lightning port on devices seven days after the gadgets were last unlocked, according to Russian password-recovery software maker ElcomSoft this week. This USB Restricted Mode means that, if an iOS 11.4 iPhone is seized by the cops, or other folks, they will have a week to extract the contents of the device's storage via the Lightning port before it locks out the physical connection.

An alternate style, "alert," which requires manual dismissal, can be set by entering "alert" as the value for the Info.plist key NSUserNotificationAlertStyle. According to Wardle, Signal does not specify a notification type so it defaults to "banner."

When apps issue notifications, they don't go away automatically. If they're an "alert" type, they have to be dismissed by the user. Also, the application itself can issue a removal call or the user can open the Notification Center and dismiss the message there.

When Signal is being used actively, no notifications are sent. But when Signal is operating in the background and posts a message notification – which includes message content – the operating system dismisses the 'banner' type from the screen but the notification data remains in the Notification Center.

For a privacy-oriented app, that's a problem because messages that were supposed to disappear can still be found. The fix is simple enough: Wardle recommends disabling notifications for Signal through the macOS Settings menu.

The Register asked Open Whisper Systems, the maker of Signal, for comment but we've not heard back. ®